unauthorized error when mongodb has auth

[zx86496790]

Summary

since the default sorry-cypress mongodb does not have username and password, it has been hacked twice within 2 weeks.
so I setup another server
but I got following errors:

`mongo_1 | 2020-10-14T04:48:33.229+0000 I NETWORK [conn1] received client metadata from conn1: { driver: { name: "nodejs", version: "3.6.2" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "5.4.0-42-generic" }, platform: "'Node.js v12.19.0, LE (legacy)" }

mongo_1 | 2020-10-14T04:48:33.296+0000 I ACCESS [conn1] Successfully authenticated as principal xxx on admin from client

mongo_1 | 2020-10-14T04:48:34.223+0000 I ACCESS [conn1] Unauthorized: not authorized on sorry-cypress to execute command { createIndexes: "runs", indexes: [ { name: "runId_1", key: { runId: 1 }, unique: true } ], lsid: { id: UUID("e48fef7d-929e-4805-aad9-9462b62f9a53") }, $db: "sorry-cypress" }

mongo_1 | 2020-10-14T04:48:34.240+0000 I NETWORK [listener] connection accepted from #2 (2 connections now open)

mongo_1 | 2020-10-14T04:48:34.315+0000 I NETWORK [conn2] received client metadata from conn2: { driver: { name: "nodejs", version: "3.6.2" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "5.4.0-42-generic" }, platform: "'Node.js v12.19.0, LE (legacy)" }

mongo_1 | 2020-10-14T04:48:34.363+0000 I ACCESS [conn2] Successfully authenticated as principal xxx on admin from client

mongo_1 | 2020-10-14T04:48:34.365+0000 I ACCESS [conn1] Unauthorized: not authorized on sorry-cypress to execute command { createIndexes: "instances", indexes: [ { name: "instanceId_1", key: { instanceId: 1 }, unique: true } ], lsid: { id: UUID("616afe95-d4e7-4cdb-b6aa-e52e31560f88") }, $db: "sorry-cypress" }

mongo_1 | 2020-10-14T04:48:34.368+0000 I ACCESS [conn2] Unauthorized: not authorized on sorry-cypress to execute command { createIndexes: "projects", indexes: [ { name: "projectId_1", key: { projectId: 1 }, unique: true } ], lsid: { id: UUID("fdd8631d-e4f2-4e70-ba2e-00a4c45e503a") }, $db: "sorry-cypress" }

mongo_1 | 2020-10-14T04:49:28.329+0000 I NETWORK [conn2] end connection (1 connection now open)

mongo_1 | 2020-10-14T04:49:28.330+0000 I NETWORK [conn1] end connection (0 connections now open)`

How to reproduce

change docker-compose.full.yml file under services mongo command to mongod --auth
change mongodb_uri under director and api to URI with username and password.
add user to both admin and sorry-cypress tables with dbOwner role. the user added to both tables have exactly same username and password

Environment

Ubuntu and docker container with sorry-cypress

please help

[agoldis]

Looking at the error message, it seems like the credentials are not sufficient for index creation.

Please try connecting to mongo using the same credentials and create an index.

db.collection.ensureIndex({ text: 'text' })

https://docs.mongodb.com/manual/reference/method/db.collection.ensureIndex/

Please let me know what are you getting.

[zx86496790]

thank you for your reply.
I have tried the command you posted and got this message:

db.collection.ensureIndex({ text: 'text' })
{
"createdCollectionAutomatically" : true,
"numIndexesBefore" : 1,
"numIndexesAfter" : 2,
"ok" : 1
}

thank you

[agoldis]

Well, the example I provided was a generic example. You need to make sure

1. you use the same credentials
2. you use the same collection
3. you create the same index

You can infer all the details from the error message

[zx86496790]

Hi Andrew,

I am still not able to get it working.
here are the steps I tried(username and password are replaced by xxxxxx but I double checked that they are same):

use admin
switched to db admin
db.auth("xxxxxx","xxxxxx")
1
use sorry-cypress
switched to db sorry-cypress
db.auth("xxxxxx","xxxxxx")
1

mongo_1 | 2020-10-14T20:11:44.585+0000 I NETWORK [listener] connection accepted from ip:52422 #2 (2 connections now open)
mongo_1 | 2020-10-14T20:11:44.662+0000 I NETWORK [conn2] received client metadata from ip:52422 conn2: { driver: { name: "nodejs", version: "3.6.2" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "5.4.0-42-generic" }, platform: "'Node.js v12.19.0, LE (legacy)" }
mongo_1 | 2020-10-14T20:11:44.709+0000 I ACCESS [conn2] Successfully authenticated as principal xxxxxx on admin from client 172.18.0.3:52422
mongo_1 | 2020-10-14T20:11:44.711+0000 I ACCESS [conn1] Unauthorized: not authorized on sorry-cypress to execute command { createIndexes: "instances", indexes: [ { name: "instanceId_1", key: { instanceId: 1 }, unique: true } ], lsid: { id: UUID("fbf67c58-c37b-4e93-8bf0-b487dbcc4834") }, $db: "sorry-cypress" }
mongo_1 | 2020-10-14T20:11:44.712+0000 I ACCESS [conn2] Unauthorized: not authorized on sorry-cypress to execute command { createIndexes: "projects", indexes: [ { name: "projectId_1", key: { projectId: 1 }, unique: true } ], lsid: { id: UUID("20a78d03-0e50-4603-9d45-a9828fbffb18") }, $db: "sorry-cypress" }

when I tried to use account to ensureIndex this time I got this error:
{
"ok" : 0,
"errmsg" : "too many users are authenticated",
"code" : 13,
"codeName" : "Unauthorized"
}

Thank you

[agoldis]

@zx86496790 Looking at the error too many users are authenticated I think you need to figure out if the credentials you've got for mongo are actually sufficient for sorry-cypress.

It's kind of out of scope for the project - there're plenty resource available for troubleshooting mongo auth problems. Sorry I know that it doesn't really help.

I'll leave this issue open for a week-two may be some one will be able to help you

[dlavrenuek]

Hey zx86496790, IIf you are using the docker-compose.full.yml provided and don't access the database from outside yourself, just remove lines 6+7, this will make mongoDB only accessible from the same docker network (only containers configured in the same docker-compose file).

services:
  mongo:
    image: mongo:4.0

  director:
    image: agoldis/sorry-cypress-director:latest
# ... rest of the file

[zx86496790]

Hi @agoldis @dlavrenuek thank you for your reply. after I updated to the latest version of sorry-cypress, I kept getting failed to fetch error on dashboard. can you please let me know where to find the error log? thank you

[agoldis]

@zx86496790 For the dashboard - it just runs in your browser, open the dev panel and you'll see error details. For the api service - it depends on what environment is running the service

[zx86496790]

@zx86496790 For the dashboard - it just runs in your browser, open the dev panel and you'll see error details. For the api service - it depends on what environment is running the service

Hi Andrew, thank you for your reply. I got this error on localhost:4000 Failed to load resource: net::ERR_CONNECTION_REFUSED
is there a way to debug that? I did not see any error in console and saw this Apollo server is ready at http://localhost:4000/

thank you